Slow network using an MPLS router to point internet traffic to a juniper firewall

I have a site that is one of a dozen MPLS connected sites. All MPLS traffic is great. At this site there is also a Juniper firewall connected to a T1 provided by another ISP. This external T1 is used for internet access and some VPN tunnels.

All computers and devices at this site use the MPLS router as the default gateway. The router has an appropriate default route pointing to the firewall.

When computers use the MPLS router as the gateway and get pointed out the firewall for external traffic the connection is extremely slow.

When computers use the firewall as the gateway, traffic is very fast. There is obviously some less than ideal configuration between the firewall and the router. The router is a Cisco 3400 and the running config is attached.


I now believe I left out something important. Both the router and firewall are patched into the same switch. There are another 180 devices also plugged into the same switch. I can try setting the connections to 1000/full, however, performance is not an issue when traffic goes directly from the switch to the firewall, and directly from the switch to the MPLS router. It is only slow when the traffic goes across the switch to the MPLS router, and then back across the switch to the firewall and finally out to the internet.

I don't think that having those other 180 devices on the same switch will lower the communications performance, I think there is something going on with the way the communication is flowing on the net. What voipman suggested is actually the first thing that crossed my mind, and for a connection like this you want to have that set ASAP.

I'm not sure what switch you have between the FW, MPLS and the other 180 devices. But it sounds like you have all those three pointing to the same subnet, for example 192.168.1.0; correct me if I'm wrong.

If this is the case, then you have 2 default gateways to the OUTSIDE CLOUD for the local network but you configure only one for each device. Use a different subnet between the MPLS and the FW; if you don't want to spend money on a small switch, connect them directly using a crossover cable, change your routing and it should work fine. Else, create a VLAN on the current switch, configure a different subnet for the MPLS to FW connection and set aside 2 ports for the new VLAN that will host these connections. Re-configure your routing. At the end you should have communication this way.

DEVICE to MPLS across (new switch OR crossover cable OR VLAN) to FW to OUTSIDE CLOUD
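The VLAN variant of that layout, written out as a Cisco IOS fragment so the before and after can be compared side by side. This is an added illustration, not the asker's attached running config or anything from the thread; the 192.168.1.0/24 LAN comes from the answer above, while the transit subnet 10.255.255.0/30, VLAN 900, the port numbers and the interface names are all assumptions, and it takes the shared-subnet cause the answer proposes as given.

```cisco
! --- BEFORE (constructed): router LAN interface, hosts and the firewall's
! --- inside interface all sit on 192.168.1.0/24. Internet-bound traffic
! --- crosses the switch to the router, is sent back across the same VLAN
! --- to the firewall, and only then leaves the site.
interface GigabitEthernet0/0
 description LAN - hosts use this address as their default gateway
 ip address 192.168.1.1 255.255.255.0
!
! default route points at the firewall inside address on the host VLAN
ip route 0.0.0.0 0.0.0.0 192.168.1.2

! --- AFTER (constructed): a dedicated transit VLAN carries the
! --- router-to-firewall hop, so the hairpin across the host VLAN goes away.
!
! Switch side: new VLAN and two access ports, one for each device.
vlan 900
 name ROUTER-FW-TRANSIT
!
interface FastEthernet0/23
 description MPLS router - transit link
 switchport mode access
 switchport access vlan 900
!
interface FastEthernet0/24
 description Juniper firewall - inside interface
 switchport mode access
 switchport access vlan 900
!
! Router side: a second interface (assumed available) lives in the transit
! subnet and the default route moves onto it. Hosts keep 192.168.1.1.
interface GigabitEthernet0/1
 description Transit to Juniper firewall
 ip address 10.255.255.1 255.255.255.252
!
ip route 0.0.0.0 0.0.0.0 10.255.255.2
!
! Firewall side (Junos, not shown): inside interface becomes 10.255.255.2/30,
! with static routes for 192.168.1.0/24 and for every remote MPLS subnet that
! needs the internet or the VPN tunnels, all pointing at 10.255.255.1.
```

A quick check after the change: a traceroute from a host to an internet address should show 192.168.1.1 followed by 10.255.255.2, and the firewall should no longer hold an interface on the host subnet, so any VPN or NAT policy that referenced 192.168.1.2 needs updating.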
